Just 2.5 hours of research conducted by research and advisory firm Aite Group revealed that more than 80 global e-commerce sites were actively being compromised by Magecart threat groups, which have been responsible for high-profile breaches of global enterprises.
The study, commissioned by security company Arxan Technologies, examined the impact of the threat groups, which use credit card skimming technology to infect e-commerce platforms and Web sites with the goal of stealing personal and financial information without being detected for months.
As organizations continue to rely on revenue from e-commerce activities, the potential financial impact of Magecart is “dire,” the study said. The fallout from digital skimming breaches in 2018 cost organizations hundreds of millions of dollars in government penalties alone, it said. Making matters worse, an estimated 20 percent of Web sites hit by Magecart become reinfected within five days of remediating the original problem.
The research showed that 100 percent of the 80 sites discovered had no in-application protection implemented, and 25 percent of the sites discovered were large, reputable brands.
To combat the threat, the report suggested that retailers and e-commerce organizations update or patch e-commerce platforms to the latest version; audit Web code to ensure that Web sites have not been compromised; and implement a security tool that can provide alerts when suspicious activity targets Web application code.